I think this is normal... normally ftp involves two connections, one
from the client to the server and one back from the server to the
client.  That doesn't work with IP masqing (we don't allow incoming
connections generally).

"Passive" ftp is just ftp over a single connection; the client tells the
server to send all responses to the originating port instead of opening
a new connection.  Then the masqing code on the firewall knows to let
those packets back in.

So it looks to me like either your client machine is doing passive ftp
on its own, or the firewall is translating the connection into passive
mode itself and recording the fact in the log.

Somebody correct me if I'm wrong.

-m

Ed Lazor wrote:
> 
> One of my workstations is generating this message in the firewall:
> 
> Jun 19 20:10:12 audi kernel: ip_masq_ftp OUT: got PASV
> 
> The firewall's pretty simple... running ip masquerading and I have the
> various modules loaded.  Should I ignore the error message or is it
> reporting a problem I should fix?
> 
> -Ed
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
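
An added example, not part of the original thread and not code from the `ip_masq_ftp` module: what an FTP-aware masquerading helper has to read off the control channel. It parses the RFC 959 `PORT` command and the `227` reply to `PASV`, and reports the data-channel endpoint, which side opens it, and whether the advertised address is RFC 1918 space that would need rewriting. The function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as defined by RFC 959 (four address octets, two port octets).
HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample control-channel lines (not taken from the thread).
SAMPLES = [
    "PORT 192,168,1,20,4,1",
    "227 Entering Passive Mode (203,0,113,5,195,80)",
    "PASV",
]


def parse_hostport(text):
    """Return (IPv4Address, port) from an h1,...,p2 field, or None if malformed."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]


def data_channel(line):
    """Describe the data connection a control-channel line announces, else None."""
    line = line.strip()
    upper = line.upper()
    if upper.startswith("PORT "):
        # Client command: the server is asked to connect back to this endpoint.
        mode, opener, field = "active", "server", line[5:]
    elif upper.startswith("227"):
        # Server reply to PASV: the client connects out to this endpoint.
        mode, opener, field = "passive", "client", line[3:]
    else:
        # The PASV command itself carries no address; it arrives in the 227 reply.
        return None
    hp = parse_hostport(field)
    if hp is None:
        return None
    ip, port = hp
    # A private address in the payload is unreachable from outside the firewall.
    return {"mode": mode, "opened_by": opener, "endpoint": (str(ip), port),
            "needs_rewrite": any(ip in net for net in RFC1918)}


if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", data_channel(s))
```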


